#terraform (2018-07)
Discussions related to Terraform or Terraform Modules
Archive: https://archive.sweetops.com/terraform/
2018-07-02
![ag4ve.us avatar](https://secure.gravatar.com/avatar/a509a996d9cf920cbf91a944db2b9bc6.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
@ag4ve.us has joined the channel
![zerocoolback avatar](https://secure.gravatar.com/avatar/e3c5ac975772f23c43a7a205ca682620.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
@zerocoolback has joined the channel
2018-07-05
![jonathan.olson avatar](https://secure.gravatar.com/avatar/a2451bb545b1ea09447c3d02290cb060.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0009-72.png)
@jonathan.olson has joined the channel
2018-07-10
![achrstl avatar](https://secure.gravatar.com/avatar/7c8a583ea16e4babfbba120a8c0502b9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
@achrstl has joined the channel
2018-07-20
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@jamie here’s the TF channel
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
@jamie has joined the channel
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
Oh hi! I can keep my terraform troubleshooting to here without disturbing your geodesic users :)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
We can try - just sensitive to splintering off eyeballs until we have more critical mass
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
but it is nice to keep the threads separated
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yea, perhaps it’s time. just like we started using #random <— nice
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
@Andriy Knysh (Cloud Posse) has joined the channel
![tamsky avatar](https://avatars.slack-edge.com/2019-10-31/817094217669_6e765cea39b456597957_72.jpg)
@tamsky has joined the channel
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
@Cristin has joined the channel
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Cristin which module are you having trouble with?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(i’m about to jump on a call - so may be delayed in following up)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Andriy Knysh (Cloud Posse) can also help
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
I’m using elastic-beanstalk-environment and I’m getting some error related to aws_iam
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
@Cristin uploaded a file: Untitled
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
I took a look over the parameters and the code of the module, but I don’t see a way of passing an aws_iam_role_policy_attachment or profile
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
@Cristin i’ll look into the error (little bit later), but for now you can look at this repo where we use elastic-beanstalk-environment: https://github.com/cloudposse/terraform-aws-jenkins/blob/master/main.tf
terraform-aws-jenkins - Terraform module to build Docker image with Jenkins, save it to an ECR repo, and deploy to Elastic Beanstalk running Docker stack
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
I took a look over the example and how you are attaching a policy to the ec2 instances. I tried doing the same thing but I still get the above errors
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
@Cristin can you share your code? If not public, you can message me or send email to [email protected], I’ll take a look
2018-07-22
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
@Cristin uploaded a file: Untitled
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
@Andriy Knysh (Cloud Posse) Here it is
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
Thank you!
2018-07-23
![maarten avatar](https://avatars.slack-edge.com/2020-09-28/1393040065826_b0d13cfde15deff02026_72.png)
@maarten has joined the channel
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
@Andriy Knysh (Cloud Posse) I managed to make it work by using the configuration you used in the Jenkins example
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
Thank you for your help!
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
@Cristin sorry I did not help you yet, just wanted to look at your code in more detail (from what I saw briefly, you mixed a lot of concepts)
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
glad the jenkins examples helped
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
@Andriy Knysh (Cloud Posse) I still have one question. What is the best way of connecting the elasticbeanstalk environment to an RDS database? Just create the database and inject in env vars the database connection details?
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
we have https://github.com/cloudposse/terraform-aws-rds to create an RDS database (no Aurora)
terraform-aws-rds - Terraform module to provision AWS RDS instances
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
also https://github.com/cloudposse/terraform-aws-rds-cluster to create an Aurora cluster
terraform-aws-rds-cluster - Terraform module to provision an RDS Aurora cluster for MySQL or Postgres
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
usage example is here https://github.com/cloudposse/terraform-root-modules/blob/master/aws/backing-services/aurora-postgres.tf
terraform-root-modules - Collection of Terraform root module invocations for provisioning reference architectures
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
yes, the best way is to put the RDS credentials (username, password, etc.) in ENV vars, and then in Elastic Beanstalk environment add those ENV vars to the environment. Then read them in your app
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
like we do here https://github.com/cloudposse/terraform-aws-jenkins/blob/master/examples/new_vpc_new_subnets/main.tf#L41
terraform-aws-jenkins - Terraform module to build Docker image with Jenkins, save it to an ECR repo, and deploy to Elastic Beanstalk running Docker stack
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
(you can add any number of ENVs)
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
we try to follow 12-factor
https://12factor.net/
A methodology for building modern, scalable, maintainable software-as-a-service apps.
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
III. Config
Store config in the environment
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
so first create an RDS cluster https://github.com/cloudposse/terraform-aws-rds-cluster
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
it will output the credentials
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
add the ENVs here https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/blob/master/variables.tf#L248
terraform-aws-elastic-beanstalk-environment - Terraform module to provision an AWS Elastic Beanstalk Environment
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
at Cloud Posse, we use chamber to securely work with ENV vars and secrets
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
chamber - CLI for managing secrets
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
Awesome information, thanks a lot!
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
geodesic supports chamber natively https://github.com/cloudposse/geodesic
Geodesic is the fastest way to get up and running with a rock solid, production grade cloud platform built on strictly Open Source tools. https://docs.cloudposse.com/geodesic/
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
when you provision an RDS cluster from geodesic, you add the ENVs to chamber
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
terraform-root-modules - Collection of Terraform root module invocations for provisioning reference architectures
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
then you provision terraform-aws-elastic-beanstalk-environment from geodesic, you read the ENVs from chamber
![krogebry avatar](https://secure.gravatar.com/avatar/f49ced1d69d92f99bb7acbfb975ed4f1.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
@krogebry has joined the channel
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
@Andriy Knysh (Cloud Posse) Thank you for all the help! For now I set up a simple RDS postgres db and injected the env variables in an ebs env
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
I still have a question, related to setting up multiple envs like “develop” and “production”
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
I noticed that I can create one ebs application and create multiple environments for it
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
But in this situation I don’t understand what’s the role of the stage attribute for the elastic_beanstalk_application module
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
stage is to separate the resources b/w diff stages - see the latest discussion in #announcements
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
also, by using diff stage, e.g. dev and prod, you can deploy the same environment two times for development and production
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
you need to deploy it two times obviously
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
Yes, I know this. But if I have 1 application and 2 environments for it, what’s the role of having stage setup on the application itself?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
We generally do not prescribe using a single beanstalk for multiple stages even though it is supported
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
stage is used in all resource names by using the label module. So (almost) all resources will be named like namespace-stage-name
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
so, if you use the same AWS account and the same EB application to deploy two environments into it, then stage could be anything you like - but as @Erik Osterman (Cloud Posse) mentioned, we don’t usually do it
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
we try to completely separate stages
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
Ok, I understand. So is a best practice to have 1 app = 1 env
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
even using diff AWS accounts for more security and control
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yes - that way they share nothing so making changes to one can never impact the other
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
and much easier to control IAM
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Also, have you seen our modules for ECS?
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
Sorry, which one? I looked over a lot of your modules, they are really helpful
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Since you are starting from scratch, I would consider using ECS rather than Beanstalk.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
terraform-aws-ecs-web-app - Terraform module that implements a web app on ECS and supporting AWS resources.
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
Well, the Beanstalk is actually a requirement on the project I’m doing, so I will try ecs on the next one
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
Ok, so if I will create separate resources (security group, vpc, db, app, env) for each stage what would be the best way to run this twice and not having to duplicate the code? Should I create a module around your modules?
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
@Cristin we still recommend to separate all resources into at least two stages (dev and prod) and don’t mix anything b/w them
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
take a look how it’s separated here https://github.com/cloudposse/staging.cloudposse.co
staging.cloudposse.co - Example Terraform Reference Architecture for Geodesic Module Staging Organization in AWS.
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
we use ENV vars for stage too
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
prod.cloudposse.co - Example Terraform/Kubernetes Reference Infrastructure for Cloud Posse Production Organization in AWS
![Cristin avatar](https://secure.gravatar.com/avatar/8248d256612ae68ee2735d5ab64582fd.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0021-72.png)
Ok, I will look into this. Thanks a lot again for your time and availability to help
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
no problem
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
the container + env vars pattern is our approach to DevOps orchestration and env separation (there could be other ways of doing it)
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
geodesic is that container, with much more tools inside
2018-07-24
![Yoann avatar](https://secure.gravatar.com/avatar/9509153cc85ed829359aadcd811747b5.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-72.png)
@Yoann has joined the channel
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
we just released https://github.com/cloudposse/terraform-aws-elasticsearch
Contribute to terraform-aws-elasticsearch development by creating an account on GitHub.
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
@Erik Osterman (Cloud Posse) are we going to release that null-label branch we made together that adds context as a variable?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
what Support passing a label's context between label modules why DRY demo module "label1" { source = "../../" namespace = "Namespace" stage = &…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yea, i was just holding off since it was “complicated”
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
but we can merge
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@jamie do you want to add environment?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(in a follow up PR)
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
I did yeah :)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Is his change by @dennybaa in that commit not needed?
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
He pushed his change through…. it’s in now
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
whoot!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
so, one more test and then approve?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(i can’t approve, since I opened the PR)
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
I have just pushed the changes
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
I have updated the readme to include the new features too
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
tested and working?
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
yeah, using the example
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
./examples/complete
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
cool
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
ok, you can approve, merge, and tag a new minor release
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
```
terraform apply [ruby-2.5.1p57]
data.null_data_source.tags_as_list_of_maps[5]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[1]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[0]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[4]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[3]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[2]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[0]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[4]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[1]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[2]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[3]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[0]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[2]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[1]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[3]: Refreshing state...
data.null_data_source.tags_as_list_of_maps[4]: Refreshing state...
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
label1 = {
  attributes = fire-water-earth-air
  id = cloudposse-uat-build-winstonchurchroom-fire-water-earth-air
  name = winstonchurchroom
  namespace = cloudposse
  stage = build
}
label1_context = {
  attributes = [fire-water-earth-air]
  delimiter = [-]
  environment = [uat]
  name = [winstonchurchroom]
  namespace = [cloudposse]
  stage = [build]
  tags_keys = [City Environment Name Namespace Stage]
  tags_values = [Dublin Private cloudposse-uat-build-winstonchurchroom-fire-water-earth-air cloudposse build]
}
label1_tags = {
  City = Dublin
  Environment = Private
  Name = cloudposse-uat-build-winstonchurchroom-fire-water-earth-air
  Namespace = cloudposse
  Stage = build
}
label2 = {
  attributes = fire-water-earth-air
  id = cloudposse-uat-build-charlie-fire-water-earth-air
  name = charlie
  namespace = cloudposse
  stage = build
}
label2_context = {
  attributes = [fire-water-earth-air]
  delimiter = [-]
  environment = [uat]
  name = [charlie]
  namespace = [cloudposse]
  stage = [build]
  tags_keys = [City Environment Name Namespace Stage]
  tags_values = [London Public cloudposse-uat-build-charlie-fire-water-earth-air cloudposse build]
}
label2_tags = {
  City = London
  Environment = Public
  Name = cloudposse-uat-build-charlie-fire-water-earth-air
  Namespace = cloudposse
  Stage = build
}
label3 = {
  attributes =
  id = release-starfish
  name = starfish
  namespace =
  stage = release
}
label3_context = {
  attributes = []
  delimiter = [-]
  environment = []
  name = [starfish]
  namespace = []
  stage = [release]
  tags_keys = [Animal Eat Environment Name Namespace Stage]
  tags_values = [Rabbit Carrot release-starfish release]
}
label3_tags = {
  Animal = Rabbit
  Eat = Carrot
  Environment =
  Name = release-starfish
  Namespace =
  Stage = release
}
```
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
Minor?
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
What constitutes a major?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
haha, i know…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
just i don’t want to go to 1.0.0 yet
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
that’s like… only got the same variables as the original
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
so, we say pre 1.0
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
okay
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
so we are at 0.3.8 now, this should be 0.4.0
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
i am not yet sure what constitutes a 1.0.0 release - we don’t yet have any
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
probably a topic for another day… but some considerations are “stable interface”
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
so if we plan on adding a bunch more parameters, feels like the interface is not yet stable
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
You need a new “Definition of done”
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
even terraform is pre 1.0
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
https://github.com/cloudposse/terraform-null-label/releases/tag/0.4.0 @Erik Osterman (Cloud Posse)
terraform-null-label - Terraform Module to define a consistent naming convention by (namespace, stage, name, [attributes])
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@jamie I missed something maybe in that release… or at least let’s discuss
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
local.namespace, local.environment, local.stage
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Seems to me that stage is more broad than environments
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
So it should come before environment
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
No?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@tamsky have any insights
![tamsky avatar](https://avatars.slack-edge.com/2019-10-31/817094217669_6e765cea39b456597957_72.jpg)
I strongly agree with the rationale in the release notes; some organizations have existing mental models and terminology.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Hrmm I guess I can see pros and cons both ways
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
What would be a real-life example of using both at the same time?
![sarkis avatar](https://secure.gravatar.com/avatar/3606f27756cf1a49f22f966e4ddf01a6.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
@sarkis has joined the channel
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
the challenge here is what we do with our 100 terraform modules that don’t yet support environment
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@tamsky any insights on ordering? `namespace-stage-environment` or `namespace-environment-stage`
2018-07-25
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
In your terraform modules you can just leave it out
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
It can be either. But other companies may use both when stage is being referred to as the disposable type of stage. Like source, build, deploy. Or extract, transform, load. Or raw, resized, thumbnail.
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
https://github.com/firmstep-public/trainingdayfour in progress…
trainingdayfour - Training Day Four: Review how to use Terraform Variables, and look at how to lay out a Terraform Directory Structure.
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
@jamie @tamsky I understand the thinking about having `stage` and `environment` at the same time. But IMO it just complicates everything. You are saying that `stage` could refer to source, build, deploy, extract, transform, load, raw, resized, thumbnail. Those seem to be stages in a CI/CD pipeline or some other process of transforming data or building/deploying some artifacts. As I see it, they don’t relate to infrastructure environments that we deploy with Terraform. Are you saying that we need to deploy some TF resources with names like `cp-prod-deploy-myapp`, `cp-prod-load-myapp`? Sounds like parts of a pipeline, not a separate set of AWS resources
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
I’m saying that by having both, people who use the module can keep it close to their own naming system, without breaking the cloudposse naming system.
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
what would be a real example of using names like these in a real infrastructure having separate stages/environments like `dev`, `prod`?
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
Outside of Cloudposse: If one was making a codepipeline pipeline for example, and you had two parts to it, all using the dockerised codebuild system, one of the codebuild stages might be called stage:build attributes: [“java”], another might be stage:build attributes: [“golang”], another might be stage:deploy attributes: [“s3-assets”]
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
Hmm I see your point. But are those Terraform resources? The label module is used to name TF resources
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
And we already have attributes in the module to add more parts to the names
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
I realise, but when I introduce the label to my company and my clients, they have said they have a naming convention that includes environment. By having Environment optional, it also allows us to name items using the word environment in the same way we have been doing on the cloudposse modules.
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
i agree, we can use the module in many ways now
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
just did not want to over-complicate things that could be simple
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
One nice thing though, is in the future of the cloudposse modules, all the modules can contain a “context” map variable too.
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
![Arkadiy avatar](https://secure.gravatar.com/avatar/b54c5db9e5993bd001c52403e78ccfe3.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0017-72.png)
@Arkadiy has joined the channel
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
thanks @jamie
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
looks like all of that `stage` vs. `environment` stuff is used mostly for tagging, not for naming
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
which are diff things
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
ya
2018-07-27
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
@loren has joined the channel
![Ruslan avatar](https://avatars.slack-edge.com/2019-09-21/770384798935_bb088f4ca6c6fccfc90a_72.jpg)
@Ruslan has joined the channel
![Ruslan avatar](https://avatars.slack-edge.com/2019-09-21/770384798935_bb088f4ca6c6fccfc90a_72.jpg)
Hi Everyone! First of all - big thanks for Terraform scripts on Github! It was an invaluable source of knowledge and easy to use as is too.
![Ruslan avatar](https://avatars.slack-edge.com/2019-09-21/770384798935_bb088f4ca6c6fccfc90a_72.jpg)
Come to talk about terraform-null-label and name sequence
![Ruslan avatar](https://avatars.slack-edge.com/2019-09-21/770384798935_bb088f4ca6c6fccfc90a_72.jpg)
any insights on ordering? `namespace-stage-environment` or `namespace-environment-stage`
![Ruslan avatar](https://avatars.slack-edge.com/2019-09-21/770384798935_bb088f4ca6c6fccfc90a_72.jpg)
In my opinion this should be configurable, because on the projects I am on right now we have `namespace-app-stage`.
![Ruslan avatar](https://avatars.slack-edge.com/2019-09-21/770384798935_bb088f4ca6c6fccfc90a_72.jpg)
I’ve created an issue on GitHub for that: https://github.com/cloudposse/terraform-null-label/issues/35
Currently, this repo supports only namespace-stage-name sequence. In some organizations, there is a different standard for example namespace-name-stage. Please consider and explore whether it is po…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Ruslan I have been considering this as well
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
To me, it’s most natural to move the environment after the stage
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
But allowing order to be overridden would be also a nice feature
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@jamie
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
No problem
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
I’ll give it a pattern variable
![Ruslan avatar](https://avatars.slack-edge.com/2019-09-21/770384798935_bb088f4ca6c6fccfc90a_72.jpg)
Personally I believe `namespace-stage-app` is proper way (because stage/env is the isolated space in which all the apps are working). But on the current project it is done as `namespace-app-stage`.
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
hey folks! does anyone know of tooling that helps create a terraform state file, based on a given terraform configuration, by importing existing resources?
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
we have a number of accounts with resources we can’t recreate, but we’re just getting started with terraform (switching from cloudformation). we’ve written terraform modules to manage everything, and it works great for new accounts, and now we’re looking into how we can extend it to prior accounts…
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
`terraform state list` gives all the resource names, which seems to work with `terraform import`. however, it also outputs all the data source names (with no differentiation between resources and data sources), which don’t need to be imported
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
ahh thanks, i looked at that earlier, but it didn’t seem like quite what i needed… i’ll give it a try and see how it goes
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i don’t want to import all resources of a particular type, and i don’t want the resources in the root module, which is what the examples look to be doing
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
but perhaps it has more options
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
seems not, unfortunately. any other tools?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
We had to do this a year ago for another customer, but we went the tedious route of defining all the resources by hand and importing the state. It took a lot of effort to get a clean plan.
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
that’s what i’m going through now… i have the output of `state list`, so i’m using that as a known good starting point to define a configuration map of `resource: id` and a simple wrapper to import all resources with a defined id
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
then the tedious process of populating the config file for each account
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yea, it sucks. Fortunately I had some help from offshore contractors. I can make an intro if you’d like.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
PM me
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
other option i suppose would be to take the state file from a known good account and template that
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
offshore contractor not an option for this customer, unfortunately. we pretty much are the hired help. thanks for the offer though
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
You can use it to import everything, and then just manually edit the state file to only include the ones you want.
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
It’s about all we have at the moment
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
@Ruslan @Erik Osterman (Cloud Posse) I’ve created a pull request that adds that feature you were after https://github.com/cloudposse/terraform-null-label/pull/36
A new variable that allows for providing a label_order as a list to specify which variables and in what order they go into the id output and Name tag. The list can include all or none of the a vari…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I will take a look as soon as I get into the office
![Ruslan avatar](https://avatars.slack-edge.com/2019-09-21/770384798935_bb088f4ca6c6fccfc90a_72.jpg)
Yes, it works, I’ve tried it. <https://github.com/cloudposse/terraform-null-label/pull/36#issuecomment-408472191> However I am using label through `terraform-aws-cicd` and `terraform-aws-codebuild` projects and need support in them for `label_order`.
![Ruslan avatar](https://avatars.slack-edge.com/2019-09-21/770384798935_bb088f4ca6c6fccfc90a_72.jpg)
Should I add issue (or even better, PR) to these projects as well?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yes we will accept PRs
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Issue not needed
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Regarding label module, I have an idea I want to test before I comment
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
But currently afk
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
For the label module, it looks now it would be better to just add a few parameters, p1, p2, p3, p4, p5, etc. and use them as we want. Instead of assigning a meaning to all of them and then decide on the order?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
No
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
100% want meaning
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I was just reflecting on this point
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
The thing is we need to standardize nomenclature
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
This is what I love about @jamie document for this
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Even if I disagree with ‘environment’
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
However I have an idea based on what you say @Andriy Knysh (Cloud Posse)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Will whip up prototype to express how this should be working
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I think it will satisfy everyone but might belong in a new module
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
Ok
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
@Ruslan once the guys have reviewed the pull request and it’s good to add, we can start updating the other modules to be compatible with context.
![jamie avatar](https://avatars.slack-edge.com/2019-06-04/648624411249_c92a3e1cb863bae41d5b_72.jpg)
which will allow you to pass in a label module’s context and use that for formatting.
2018-07-30
![johntellsall avatar](https://secure.gravatar.com/avatar/9120a17d44e0c40f2b781ec94a0cd43e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0007-72.png)
@johntellsall has joined the channel
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@fernando thanks for adding the test case to https://github.com/cloudposse/terraform-aws-ecs-container-definition/pull/9
What: Adjust the regexp used to overcome Terraform's type conversions for integer and boolean parameters in the JSON container definition. The new regexp preserves the string type for environme…
![fernando avatar](https://avatars.slack-edge.com/2018-07-30/407056605728_96c449313b674dbfbb76_72.jpg)
Travis build timed out for some reason, no explanations given
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Could be intermittent failure on their end
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Just getting up :) will take a look in a couple of hours.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I’m just about to step out the door for the evening, so will take a look tomorrow.
![fernando avatar](https://avatars.slack-edge.com/2018-07-30/407056605728_96c449313b674dbfbb76_72.jpg)
Sure thing, let me know what you think, and enjoy the rest of the evening!
2018-07-31
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Okay! I took a look. Looks good, almost exactly what we needed. Let’s add test case for quoted numbers and booleans as well.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@i5okie thanks for joining! Saw your comment on the issue here: https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/issues/42
terraform-aws-elastic-beanstalk-environment - Terraform module to provision an AWS Elastic Beanstalk Environment
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Let me know if I can be of assistance.
![i5okie avatar](https://secure.gravatar.com/avatar/a5a5e4b62699a4adf3c150d0ffcb3b4c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
yeah we had an older release of the module. i just copied the lifecycle block there
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Is it working now with the latest release?
![i5okie avatar](https://secure.gravatar.com/avatar/a5a5e4b62699a4adf3c150d0ffcb3b4c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
i didn’t update to latest release (long story short, can’t lol) but i copied the fix across. and it’s working now. thanks
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
ok, great!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
what: Do not allow MFA device deletion without MFA present; why: I think this allows an attacker to create a new MFA device without MFA authentication; references: <https://github.com/cloudposse/terr…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Would like feedback on this. Am I missing something here?
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
@pmuller has joined the channel
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
one thing i’d like to do here is to restrict aws account usage by source ip address
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
if your users all work in the same office
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
you could restrict mfa management to your office ip address
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yea, that could be an enhancement
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
that way an attacker should steal api keys or password + be physically close to your office and hack your wifi to abuse your aws account
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
one thing I’ve loved about Duo is the ability to do geofencing
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
did not try this yet but i’d like to do this here
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
Duo ?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yea, they are a MFA saas
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(and now also do SSO)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Duo’s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps you want them to access.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
We have support for this in our bastion container: https://github.com/cloudposse/bastion
bastion - Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
so basically Duo will store your users’ secret mfa keys?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yep
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
and offer multiple forms of 2FA
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
you can choose which ones you allow
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
interesting ! (i dropped the google authenticator idea precisely because i was afraid of storing those mfa secrets)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
you can also require, for example, that their MFA device is up to date
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
that their OS is current
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
etc..
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
so policy management at a higher level
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yea, GA is a nice contribution by google, but seriously difficult to truly secure.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Also, are you familiar with Teleport for SSH?
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
their current os ? is it using TNC ?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
their = ?
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
This “their”
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
how Duo is checking for OS version ?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
since one factor is mobile push notifications
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
they can get a lot of metadata
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
including gps location
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
OS version
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
authenticator version
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
device os
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
etc
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
very interesting
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
about teleport, i would like to use it and log everything with it, but haven’t taken time to try it yet
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
my current compromise is logging a lot with auditd and pam_audit_tty
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yea, we used to do something similar.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
sudosh - Shell wrapper to run a login shell with sudo as the current user for the purpose of audit logging
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
does pam_audit_tty work without ttys?
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
nope
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
that’s from Duo ?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yea
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
nice!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
maybe i am a bit too paranoid for the cloud era … i grew up in datacenters, and started using aws in 2016 … but i still have too much of the data center / oss guy thinking: DIY ! so at first i even had a hard time trusting AWS (then I realized how absurd it was..) let alone talking about a 3rd party for authentication
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
but yeah, i sometimes feel like i am wasting my time
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
override.tf appears to have no impact/influence over terraform { ... } block
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
too bad
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
cannot terragrunt be helpful with your sed hack? (haven’t tried it yet)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
i am not well versed in terragrunt
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
i know terragrunt can do what our module does out of the box
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
but i like that we’re defining the infrastructure for bucket/dynamodb with terraform rather than another tool
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
i like the ideas terragrunt brings to the table, but i know from experience it’s better to use vanilla tools in the long term … wrappers come and go … and create debt!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yes - agree
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
i would consider using it for specific cases such as this
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
small in scope
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
i’d be happy to hear about your feedback
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
btw, do you test your tf modules ? if so, how ? (doing so with all the code i write… except tf, so it’s frustrating)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
we’re not quite there yet. right now, we do lint testing only.
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
same here
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
not even that … we just run “terraform fmt” and check if there is a change in the repo
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
i feel poor with just this
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
See our plan of attack here: https://sweetops.slack.com/archives/CB84E9V54/p1532332704000172
Can we automate geodesic terraform to build and destroy a cluster in a CI env ?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
in the #geodesic channel
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
basically, we package all infrastructure in a container along with terraform
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
thus, it’s an app like everything else
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
our strategy is to use our testing account to run: plan, apply, plan, destroy, plan
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I am less enthused by atlantis and terratest
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
haven’t heard about atlantis
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
terratest requires writing tests in go, which is rather unpleasant
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
wants a nice test runner/framework like pytest ;)
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
lunch time, bbl
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
cool, ttyl!
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
or have a good night
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(yea, I’m in Los Angeles)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
tflint - TFLint is a Terraform linter for detecting errors that can not be detected by terraform plan
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Contribute to terraform-provider-generic development by creating an account on GitHub.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
this is an interesting concept. it reminds me of the “porcelain” plugin module used in helm, but applied to terraform providers
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
using this, it’s possible to define a “basic” provider in any language, and then accept targets like apply, destroy, etc
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
the implementation above seems like a POC, but if anyone else has seen one, lmk
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
note, this is very different from the data external provider which does not distinguish between phases
![pmuller avatar](https://secure.gravatar.com/avatar/fdb112fec548790fec3924f2cb149c2d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
oh nice!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Related to the earlier question of terraform cicd, this looks interesting
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
tfnotify - A CLI command to parse Terraform execution result and notify it to GitHub
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
This will take the output of terraform plan/apply and post it back to GitHub or Slack.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Andriy Knysh (Cloud Posse) wrote a generic tool for this, not specialized for terraform called ‘github-commenter’